
Do we need to rethink how we tackle security?
By silicon.com
Published: 1 August 2005 17:40 GMT
News of a potential weakness in Cisco routers has been causing a few sleepless nights. Sleepless nights for hackers who are working to exploit the problem, and sleepless nights for IT bosses wondering when the first attack will come.
Hackers, angered by Cisco's attempt to squash news of the potential flaw, are working non-stop to find a way to exploit it.
As one hacker put it: "The reason we're doing this is because someone said you can't."
Which is a fine response if you're an 11-year-old trying to steal one of your mum's freshly baked cookies.
But perhaps slightly less responsible when you are talking about developing an attack on the devices which direct traffic across the internet.
Because even if the hackers who are working on the attack are simply doing it for the thrill of the chase and to beef up their counter-cultural credibility, and have no intention of ever using it maliciously, someone else will.
Which means it's something companies have to start worrying about. No doubt many Cisco customers are deciding to get round to applying fixes to their router software to protect against the flaw.
The whole sorry episode puts the spotlight squarely back on IT's strange security ecosystem - where hackers can claim they are helping the industry by publicising security problems, and where vendors can be cast as the baddies for trying to suppress those details.
The user then is stuck somewhere in the middle, trying to keep up with the latest must-have bug fix.
Perhaps some good will come of this. Companies will update their software to protect against the flaw, so that if and when an attack is launched it won't lead to widespread damage - which could have happened if a hacker had stumbled onto the flaw and decided to launch a sneak attack.
And perhaps the excitement the whole incident has provoked will give the industry cause to stop and think about the way it deals with product testing and security.
Of course no products can be perfectly secure when they are shipped, because that would stop innovation dead in its tracks. But at the moment there is a sense that too often the industry releases products too soon and just waits for the security researchers and hackers to spot flaws.
But as IT becomes so pervasive, can this uneasy balance - which leaves customers permanently scrambling to catch up - remain unchanged?
Copyright © 2008 CBS Interactive Limited. All rights reserved.